Schnucks Falls Victim of Cyberattack

Last week the news stories broke all over the St. Louis metro area about people’s credit card number being stolen and fraudulent charges being made. The common thread of all of these fraudulent charges was these cards were also used at Schnucks Markets in St. Louis, Missouri. According to a press release on Schnucks.com from March 30, 2013, Schnucks CEO Scott Schnucks says “After extensive review, we confirmed that Schnucks was the victim of a cyberattack”.

Why would Schnucks supermarket store your credit card information in a centralized database system that could fall victim to cybercrimes and hacking? Most stores take in credit card information encoded on the magnetic stripe at the point of sale and store this information temporarily until all transactions are batched out. They do this to keep banking fees at a minimum for charging credit cards, unfortunately this means that your credit card information is being stored for a period of time, which in turn means it can be hacked and stolen, which is exactly what happened to Schnucks.

If you have fallen victim to this cyberattack, you will need to cancel your credit card and get a new one, as the cybercriminal will still be able to use your credit card number to make fraudulent purchases until the card has been canceled.

This is the official Press Release from Schnucks:

“ST. LOUIS – Schnucks announced today that it has “found and contained” the issue behind the reports of unauthorized access to payment card information at Schnucks, and it has taken comprehensive measures designed to block any further access. The computer forensic firm that Schnucks engaged found evidence of computer code that would capture the magnetic stripe data on the back of payment cards. Now that the issue has been identified and contained, the investigation will turn to determining for how long the issue existed and which stores were affected. Customers can continue to use credit and debit cards at Schnucks.

“After an extensive review, we confirmed that Schnucks was the victim of a cyberattack,” said Chairman and CEO Scott Schnuck. “We have identified the issue and taken comprehensive measures to contain the incident. We are cooperating with law enforcement, the Missouri Attorney General’s Office, and the credit card companies to determine the scope and magnitude of this crime and apprehend those individuals making fraudulent purchases. We have been told by the computer forensics expert that the security enhancements we have implemented in the last 48 hours are designed to block this attack from continuing. Our customers can continue using credit and debit cards at our stores. We apologize for any inconvenience this may have caused our customers, and we thank each of them for their patience while we worked hard to investigate their concerns.”

Schnucks advises that if customers suspect their cards may have been compromised, they should immediately contact their credit or debit card company, typically a bank or credit union.

Founded in St. Louis in 1939, Schnuck Markets, Inc. operates 100 stores (including five Logli and six Hilander stores) and 96 in-store pharmacies in Missouri, Illinois, Indiana, Wisconsin and Iowa. Follow Schnucks on Facebook at www.facebook.com/Schnucks.”